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DETAILED ACTION 

1 . This Office action is in regards to the most recent papers filed on 1 5 June 2009. 

2. Claims 1 -5, 7-1 3 & 1 5-34 are pending. 

3. Claims 1-5, 7-13 & 15-34 are rejected. 

Response to Amendments and Arguments 

4. Applicant's arguments filed 15 June 2009 have been fully considered but they are 
not persuasive. 

5. Applicant argues in substance that "ROSI and Cantu Fail to Discloser Teach 
or Suggest Remote Loading an Operating System on a Client Node from a Server 
Node Wherein a Low Level of Trust is Required as the Trust Relationship 
Required between the Client Node and the Server Node is Not Established over a 
Network in which they are Communicatively Coupled and Generating another 
Public Value at the Server Node in Response to Receiving the Public Value from 
the Client Node" 

The examiner does not presently see a functional difference between remote 
operating system installation and remote operating system loading. 

As to the low level of required trust, the element does not produce a significant 
alteration to the method being performed. 

Additionally while in Cantu et al. their may be a preexisting relationship between 
the communicating parties that does not meant there is a preexisting trust relationship. 



Application/Control Number: 10/789,809 Page 3 

Art Unit: 2434 

The "trust relationship" requires the key exchange for the secure communications to 
function. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1 -5, 7, 9-1 3, 1 6-21 , 23-28 & 30-33 are rejected under 35 U.S.C. 1 03(a) as 
being unpatentable over Remote Operating System Installation ( ROSI ) in view of United 
States Patent Application Publication No. US 2001/0020228 A1 (Cantu et al.). 

Cantu et al incorporates the Handbook of Applied Cryptography ( Handbook ) 
(Cantu et al., Paragraph [0054], Lines 12-21 "Public key algorithms include the 
Rivest, Shamir, and Adleman (RSA) algorithm, or may include any public key encryption 
algorithm known in the art, such as Diffie and Hellman. Further details of public key 
encryption is described in the publication "An Overview of the PKCS Standards," RSA 
Laboratories Technical Note, by Burton S. Kaliski, Jr. (1993) and "Handbook of Applied 
Cryptography," by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone 
(1996), which publications are incorporated herein by reference in their entirety."). 
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8. Claims 1-3, 7, 9-11, 16-19, 23-26, 30 & 31 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over ( RQSI ) in view of (Cantu et al.). Interpreting the claims as 
establishing symmetric keys. 



As per Claim 1: RQSI in view of Cantu et al. teaches: An out-of-band method 
implemented on a computing device having instructions executable by a 
processor for asynchronously establishing a secure association with a server 
node, the method comprising: 



RQSI teaches: 

- allowing a client node to remotely load an operating system; 

- loading the operating system on the client node, wherein a profile of the 
operating system is stored on the server node; 

( RQSI . Page 5, Lines 1-34 " 

1. A PXE-enabled client connected to the network starts, and during the power up, the computer initiates 
a network service request. As part of the network service request, a DHCP discover packet is sent to the 
network requesting an IP address from the closest DHCP server, the IP address of an available RIS 
server, and as part of that request, the client sends its Globally Unique Identifier (GUID). (The GUID is 
present in client computers that are PC98- or Net PC-complaint and is found in the system BIOS of the 
computer.). The DHCP server responds to the request by providing an IP address to the client. Any 
available RIS server can respond with its IP address, and the name of the boot file the client should 
request if the client selects that RIS server for service. The user is prompted to press the function key, 
F12, to initiate service from that RIS server. 

2. The RIS server (using the BINL service) must check in Active Directory for the existence of a prestaged 
client computer account that matches this client computer. BINL checks for the existence of a client 
computer by querying Active Directory for a client computer that matches the GUID sent in step 1 . 

3. Once RIS has checked for the existence of a client computer account, the Client Installation wizard 
(CIW) is downloaded to the client computer, and prompts the user to log on to the network. 

4. Once the user logs on, RIS checks the Active Directory for a corresponding user account, verifying the 
password. RIS then checks the RIS specific Group Policy settings to find out which installation options the 
user should have access to. RIS also checks to see which operating system images the specific user 
should be offered, and the Client Installation wizard makes those options available to the client. 
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5. If the user is only allowed a single installation option and operating system choice, the user is not 
prompted to select anything. Rather, the Client Installation wizard warns the user that the installation will 
reformat their hard disk and previously stored information will be deleted, and then prompts the user to 
start the Remote OS Installation. 

6. Once the user confirms the installation settings on the summary screen, the operating system 
installation begins. At this point, if a client computer account was not present in Active Directory, the BINL 
service creates the client computer account, thus automatically providing a name for the computer. The 
operating system is installed locally as an unattended installation, which means the end user is not 
offered any installation choices during the operating system installation phase. 

The Remote OS Installation process is straightforward from an end user perspective. The administrator 
can guide the user through a successful operating system installation by pre-determining which 
installation options, if any, an end user has access to. The administrator can also restrict which operating 
system image or images a user has access to, thus ensuring the correct operating system installation 
type is offered to the user for a successful installation."). 



RQSI does not explicitly teach the following limitations however Cantu et al. in 
analogous art does teach the following limitations: 

- generating a local public value and a local private value on the client node 

( Handbook , Chapter 12, Page 516, Section 12.47, " 



12.47 Protocol Diffie-Heflman key agreement (basse version) 

SUMMARY: A mid B each send the other one message over m open channel. 
RESULT: shared secret K known to both parties .4 and B. 

1. One-time setup. An appropriate prime p and generator a of Z* (2<a<p- 2) are 
selected and published. 

2. Protocol messages, 

A—tB.cx* mod p (1) 
.4 <- /.? : or* mod p (2) 

3. Protocol actions , Perform the following steps each time a shared key is required. 

hi 1 _4 cii< e i i m i> in Ncciet s i _. ,r _ p — d. and end-. B me- , _c > 1 < 

i b * B chooses a inndom >eu er y 1 _ y _ p - 1 , u I > cud -.Am. n .mJi 

(c) B receives a* and computes the shared key as K ia x ) y mod p. 

(d) A receives a* mid computes the shared key as K — (a v ) x mod p. 



")■ 
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Party A is one node (the client node), or or p are the public value, and x is the 
private value. 

- storing the public value for configuration of the secure association on an out-of- 
band computer-readable storage medium wherein the stored public value is not 
used for authentication 

- transporting the out-of-band computer-readable storage medium to the server 
node 

- to establish a trust relationship allowing for remotely loading the operating 
system on the client node from the server node, wherein a low level of trust is 
required 

- as the trust relationship required between the client node and the server node is 
established by using a third party out-of-band entity; 

(Cantu et al., Paragraph [0107], "In the described implementations of FIGS. 8 
and 9, the parties exchanged public keys using computer diskettes or secure e -mail. 
However, alternative secure techniques can be used by the parties to exchange keys, 
whether or not such exchange occurs as part of a transaction related to the preexisting 
relationships 400, 402, 404 or some unrelated exchange."). 

Exchanging Keys using computer diskettes stores a value on the diskette 
(computer-readable storage medium) at the client node and transports the diskette to 
give the value to the server node. 
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- receiving from the server node a public value generated by the server node via 
the out-of-band computer-readable storage medium, wherein the public value 
generated by the server node is generated with a private value generated by the 
server node in response to receiving the public value from the client node; 

- generating a secret value using the local private value in combination with the 
public value received from the server node; wherein the receiving is 
asynchronous to the generating the secret value 

( Handbook , Chapter 12, Page 516, Section 12.47, " 



12.47 Protocol Diffie-Hellmars key agreement (basic version) 

SUMMARY: A and B each >end the othei one me > see over m open channel. 
RESULT: shared secret K known to both parties A and B. 

1. One-rime setup. An appropriate prime p and generator a ofZ* (2 < a < p - 2) are 
selected and published. 

2. Protocol messages, 

A -» B : a* mod p (1) 
A-i— B : a* mod p (2) 

3. Pfvtoco! actio; >. Perform die following steps each time a shared key is required, 

ui) A di"eM, md tin -eciet i 1£j £]>- 2, and end- B me-. a_ r e 1 - 

(b) B chooses a random secret J < y < p - 2. and sends ,4 message (2). 

(c) £ receives er and computes the shared key as A' -~ (a*)* mod p. 

(d) A receives o- v and computes the shared key as K ■■■■ (ge^) 35 mod p. 

")■ 

Protocol actions, Step (d); Shared key K is the generated secret value. 

It would have been obvious to one of ordinary skill in the art to incorporate the 
teaching of Cantu et al. in to RQSI's method in order to secure the Remote OS 
installation communications from sniffers/eavesdroppers that would seek to obtain 
unauthorized access and/or other information that would harm the legitimate operations 
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of a standing system/organization. It would be particularly obvious in view of ROSI's 
recognition of this strategic week point. ( ROSI , Page 26, Lines 29-34 " 
Question: Is the pre-boot portion of the PXE remote boot ROM secure? 
Answer: No. The entire ROM sequence and operating system installation/replication is 
not secure with regard to packet type encryption, client/server spoofing, or wire sniffer 
based mechanisms. As such, use caution when using Remote OS Installation on your 
corporate network. Ensure that you only allow authorized RIS servers on your network, 
and that the number of administrators allowed to install and/or configure RIS servers is 
controlled."). 

As per Claim 2: The rejection of claim 1 is incorporated and further Cantu et al. 
teaches: 

- the method is performed on both of a pair of nodes, and wherein further the 
secret values generated at both of the nodes are symmetric 

( Handbook . Chapter 12, Page 516, Section 12.47, " 
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12.47 Protocol Diffie-Hellman key agreement (basic version} 

SUMMARY: A and B each send the other one message over an open channel. 
RESULT: shared secret K known to both parlies A and B. 

1 Qsii-n m -i f < p Am appropriate prime p mid genemtoi q of Z* (2 < a < p - 2) are 
selected and published. 

2. oroco ' ;»slO ' ages . 

A B : a* mod p < 1 } 
A 4— B : a*' mod p (2) 

3, Protocol actions: Perform the following steps each time a shared key is required, 

ta) A chooses a random secret x. I < x <p — 2, and sends B message (1). 

(b) B chooses a random secrecy i < y < p - 2. and sends ,4 message (2). 

(c) B receives cr" and computes the shared key as A' ^= (a*)'* 1 mod p. 

(d) ,4 receives a- and computes the shared key as K ya r f mod p. 

")■ 

The method is performed at both nodes. Both nodes generate the secret value 
shared key K. 

As per Claim 3: The rejection of claim 2 is incorporated and further a performing a 
Diffie-Hellman key agreement as discussed in claims 1 and 2 is a Diffie-Hellman 
computation. 



As per Claim 7: The rejection of claim 1 is incorporated and further Cantu et al. 



- the receiving of the public value from the other node via an out-of-band 
mechanism includes downloading the public value from an external device 
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(Cantu et al., Paragraph [0107], "In the described implementations of FIGS. 8 
and 9, the parties exchanged public keys using computer diskettes or secure e -mail. 
However, alternative secure techniques can be used by the parties to exchange keys, 
whether or not such exchange occurs as part of a transaction related to the preexisting 
relationships 400, 402, 404 or some unrelated exchange."). 

A computer diskette is an external device. 

As per Claim 9: Claim 9 is substantially the method claim of claim 1 as a computer 
readable storage medium and is rejected under substantially the same reasoning as set 
forth in the rejection of claim 1 . 

As per Claim 10: The rejection of claim 9 is incorporated and further: 

Claim 10 is substantially the method claim of claim 2 as a computer readable 
medium and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 2. 

As per Claim 11: The rejection of claim 9 is incorporated and further: 

Claim 1 1 is substantially the method claim of claim 3 as a computer readable 
medium and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 3. 
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As per Claim 16: Claim 16 is substantially the method claim of claim 1 as an apparatus 
and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 1. 

As per Claim 17: The rejection of claim 16 is incorporated and further: 

Claim 17 is substantially the method claim of claim 2 as an apparatus and is 
rejected under substantially the same reasoning as set forth in the rejection of claim 2. 

As per Claim 18: The rejection of claim 16 is incorporated and further in accordance 
with Cantu et al.'s method the other node may be a server. 

As per Claim 19: The rejection of claim 16 is incorporated and further: 

Claim 19 is substantially the method claim of claim 3 as an apparatus and is 
rejected under substantially the same reasoning as set forth in the rejection of claim 3. 

As per Claim 23: Claim 23 is substantially the method claim of claim 1 as a protocol 
and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 1. 

As per Claim 24: The rejection of claim 23 is incorporated and further: 

Claim 24 is substantially the method claim of claim 2 as a protocol and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 2. 
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As per Claim 25: The rejection of claim 24 is incorporated and further: 

Claim 25 is substantially the method claim of claim 3 as a protocol and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 3. 

As per Claim 26: The rejection of claim 24 is incorporated and further as both parties 
end up with shared key K in the Diffie-Hellman method the shared secret is 
symmetrical. 

As per Claim 30: Claim 30 is substantially the method claim of claim 1 as an apparatus 
and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 1. 

As per Claim 31: The rejection of claim 30 is incorporated and further: 

Claim 31 is substantially the method claim of claim 3 as an apparatus and is 
rejected under substantially the same reasoning as set forth in the rejection of claim 3. 

9. Claims 1, 4, 5, 7, 9, 12, 13, 16, 18, 20, 21, 23, 27, 28, 30, 32 & 33 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over ( ROSI ) in view of (Cantu et al.). 
Interpreting the claims as establishing symmetric keys. 
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As per Claim 1: ROSI in view of Cantu et al. teaches: An out-of-band method 
implemented on a computing device having instructions executable by a 
processor for asynchronously establishing a secure association with a server 
node, the method comprising: 



ROSI teaches: 

- allowing a client node to remotely load an operating system; 

- loading the operating system on the client node, wherein a profile of the 
operating system is stored on the server node; 

( ROSI , Page 5, Lines 1-34 " 

1. A PXE-enabled client connected to the network starts, and during the power up, the computer initiates 
a network service request. As part of the network service request, a DHCP discover packet is sent to the 
network requesting an IP address from the closest DHCP server, the IP address of an available RIS 
server, and as part of that request, the client sends its Globally Unique Identifier (GUID). (The GUID is 
present in client computers that are PC98- or Net PC-complaint and is found in the system BIOS of the 
computer.). The DHCP server responds to the request by providing an IP address to the client. Any 
available RIS server can respond with its IP address, and the name of the boot file the client should 
request if the client selects that RIS server for service. The user is prompted to press the function key, 
F12, to initiate service from that RIS server. 

2. The RIS server (using the BINL service) must check in Active Directory for the existence of a prestaged 
client computer account that matches this client computer. BINL checks for the existence of a client 
computer by querying Active Directory for a client computer that matches the GUID sent in step 1 . 

3. Once RIS has checked for the existence of a client computer account, the Client Installation wizard 
(CIW) is downloaded to the client computer, and prompts the user to log on to the network. 

4. Once the user logs on, RIS checks the Active Directory for a corresponding user account, verifying the 
password. RIS then checks the RIS specific Group Policy settings to find out which installation options the 
user should have access to. RIS also checks to see which operating system images the specific user 
should be offered, and the Client Installation wizard makes those options available to the client. 

5. If the user is only allowed a single installation option and operating system choice, the user is not 
prompted to select anything. Rather, the Client Installation wizard warns the user that the installation will 
reformat their hard disk and previously stored information will be deleted, and then prompts the user to 
start the Remote OS Installation. 

6. Once the user confirms the installation settings on the summary screen, the operating system 
installation begins. At this point, if a client computer account was not present in Active Directory, the BINL 
service creates the client computer account, thus automatically providing a name for the computer. The 



Application/Control Number: 10/789,809 
Art Unit: 2434 



Page 14 



operating system is installed locally as an unattended installation, which means the end user is not 
offered any installation choices during the operating system installation phase. 

The Remote OS Installation process is straightforward from an end user perspective. The administrator 
can guide the user through a successful operating system installation by pre-determining which 
installation options, if any, an end user has access to. The administrator can also restrict which operating 
system image or images a user has access to, thus ensuring the correct operating system installation 
type is offered to the user for a successful installation."). 

ROSI does not explicitly teach the following limitations however Cantu et al. in 
analogous art does teach the following limitations: 

- generating a local public value and a local private value on the client node 

( Handbook . Chapter 8, Page 286, Section 8.1 - 8.2, " 



8.1 Algorithm Ke\ gei -at j i f 'i RSA pub i* -He, encrypt on 

SUMMARY: each entity creates an RSA. public key and a corresponding private key. 
Each entity A should do the following: 

1 , Generate two large random (and distinct) primes p and q. each roughly the same size. 

2, Compute n~ pq and $ = (p — l)(q — 1 ). (See Note 8.5.) 

3, Select a random integer e. 1 < e < <p\ such that gcd(e y <P) ------ I. 

4, Use the extended Euclidean algorithm (Algorithm 2 . 1 07 ; to compute the unique in- 
teger d, 1 < d < (p. such that ed = 1. (mod <j>). 

5, A's public key is (n,e); A\ private key is d. 



8.2 Definition: rhe integers e and a in RSA key generation are called The em-npriou exponent 
and the decryption exponent, respectively, while n is called the modulus.. 



")■ 

Public key (n,e) is the public value, Private key d is the private value. 
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- storing the public value for configuration of the secure association on an out-of- 
band computer-readable storage medium wherein the stored public value is not 
used for authentication 

- transporting the out-of-band computer-readable storage medium to the server 
node 

- to establish a trust relationship allowing for remotely loading the operating 
system on the client node from the server node, wherein a low level of trust is 
required as the trust relationship required between the client node and the server 
node is established by using a third party out-of-band entity; 

- receiving from the server node a public value generated by the server node via 
the out-of-band computer-readable storage medium wherein the public value 
generated by the server node is generated with a private value generated by the 
server node in response to receiving the public value from the client node 

(Cantu et al., Paragraph [0107], "In the described implementations of FIGS. 8 
and 9, the parties exchanged public keys using computer diskettes or secure e -mail. 
However, alternative secure techniques can be used by the parties to exchange keys, 
whether or not such exchange occurs as part of a transaction related to the preexisting 
relationships 400, 402, 404 or some unrelated exchange."). 

Exchanging Keys using computer diskettes stores a value on the diskette 
(computer-readable storage medium) at one node and transports the diskette to give 
the value to the other node. 

( Handbook . Chapter 8, Page 286, Section 8.3, " 
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8.3 Algorithm RS.A i sryption 

SUMMARY: B encrypts a message m for A which A decrypts. 
1. Encryption. B should do the following: 
(a? Obtain A's authentic public key in, e). 

(b) Represent the message as an integer m in the interval (f), n - i). 

ic) Compute c ???/■ mod n £e.g. ? using Algorithm 2. 143). 

id) Send the ciphertext c to A 

J I v iyi & 7 > i eei >\ ei plaintext 7? In m t A arid .to lit follow ing 
(a) Use the private key d to recover m d 1 mod «. 



The obtained public key is the received public value. 



- generating a secret value using the local private value in combination with the 
public value received from the server node; wherein the receiving is 
asynchronous to the generating the secret value 

( Handbook , Chapter 8, Page 290, Section 8.2.3, " 



8,2.3 RSA encryption in practice 

There are numerous ways of speeding up RSA encryption and decryption in software and 
narda* iiv in i rines r itions S >me - i me e techniques ue c svered m < hapter 14 includ- 
ing fast modular multiplication (§14.3), fast modular exponentiation (§14.6). and the use 
oft e obi e e rem ter the -in r fa tei leer ptioi N te 14.75 Evenwiil the e im- 
provements, RSA eucrypti* s/deerypti m . ul f i. alb .x vei ban the commonly used 
syumietric-key encryption algorithms such as DES (Chapter 7). In practice. RSA encryp- 
tion is most commonly used for the transport of symmetric -key encryption algorithm keys 
and for the encryption of small data items. 

Hie RSA eryptosystem has been patented in the U.S. and Canada. Several standards 
rganizati i have written oi are in the proce * of writing >tandard th t sMresa the use 
of the RSA crypt em for encrypt i ligi j! ign tine- aid e establi hment F*> dis- 
c -M-m i if patent ,mJ st.m Lu h : ^ ichmd v F sA. ec < haptei * 



")■ 
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The secret value is the symmetric-key established though the use of the RSA 
public and private keys. 

It would have been obvious to one of ordinary skill in the art to incorporate the 
teaching of Cantu et al. in to RQSI's method in order to secure the Remote OS 
installation communications from sniffers/eavesdroppers that would seek to obtain 
unauthorized access and/or other information that would harm the legitimate operations 
of a standing system/organization. It would be particularly obvious in view of RQSI's 
recognition of this strategic week point. (ROSI, Page 26, Lines 29-34 " 
Question: Is the pre-boot portion of the PXE remote boot ROM secure? 
Answer: No. The entire ROM sequence and operating system installation/replication is 
not secure with regard to packet type encryption, client/server spoofing, or wire sniffer 
based mechanisms. As such, use caution when using Remote OS Installation on your 
corporate network. Ensure that you only allow authorized RIS servers on your network, 
and that the number of administrators allowed to install and/or configure RIS servers is 
controlled."). 

As per Claim 4: The rejection of claim 1 is incorporated and further Cantu et al. 
teaches: 

- retaining the secret value locally 

It is inherently necessary to retain the secret value in order to take any further 
action using it or based on it. 
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- protecting the secret value using the public value received from the other node 

- transmitting the protected secret value to the other node 

( Handbook , Chapter 8, Page 286, Section 8.3, " 



8.3 Algorithm RSA public-key encryption 

SUMMARY: B encrypts a message m for A, which A decrypts. 
I F'..i_t ,r J - B should Jo the f -11 ^ Hid 

(a) Obtain A's authentic public key (n,e). 

(b) Repiesent the me jsage - in integei m in the intei\ai 0, n - t|. 

(c) Compute c = m e mod n (e.g., using Algorithm 2.143 r 

(d) Send the ciphertext c to A. 

1 D To iec> \ ei pi mitext m fi. m o. -4 should do the following: 

(a) Use the private key d to recover m = e rf mod n. 



( Handbook , Chapter 8, Page 290, Section 8.2.3, 



8,2.3 RSA encryption in practice 

There are numerous ways of speeding up RSA encryption and decryption in software and 
hardware implementations. Some of these techniques are covered in Chapter 14 includ- 
ing ia-0 1 1« 1 t In tuiilLpht.aht.ni' 14 - L, t in J hi e v tieu a, ^'<;i4v > m J the use 
of the Chinese remainder theorem for faster decryption (Note 14.75). Even with these hri- 
pi vements RSA encrypti i ieci j ti n ut tant \lb > er than the c mm uh used 
symmetric -key encryption algorithms such as DES (Chapter 7). in practice, RSA encryp- 
tion is most commonly used fbi the imp of o ;tric- ey enci tioi Igorithm keys 
and for the encryption of small data items. 

The RSA cryptosysrern has been patented in the U S and Canada. Several standards 
organizations have written, or are m the process of writing, standards that address the use 
of the RSA cryptosystem for encryption, di si isaiature snd e establishment Fordis- 
cussiouofp iienwaid -v-niu Un^:e iclat.do PsA ee f'haptei 1 ? 
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In the practice of using RSA encryption for transporting the secret value 
(symmetric-key); The symmetric-key would be the contents of message m protected by 
the received public key sent as the protected value c. 

- via an out-of-band mechanism 

(Cantu et al., Paragraph [0107], "In the described implementations of FIGS. 8 
and 9, the parties exchanged public keys using computer diskettes or secure e -mail. 
However, alternative secure techniques can be used by the parties to exchange keys, 
whether or not such exchange occurs as part of a transaction related to the preexisting 
relationships 400, 402, 404 or some unrelated exchange."). 

A computer diskettes is an out-of-band mechanism. 

As per Claim 5: The rejection of claim 4 is incorporated and further a performing RSA 
encryption practices as discussed in claims 1 and 4 is a Rivest-Shamir-Adleman (RSA) 
computation. 

As per Claim 7: The rejection of claim 1 is incorporated and further Cantu et al. 
teaches: 

- the receiving of the public value from the other node via an out-of-band 
mechanism includes downloading the public value from an external device 
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(Cantu et al., Paragraph [0107], "In the described implementations of FIGS. 8 
and 9, the parties exchanged public keys using computer diskettes or secure e -mail. 
However, alternative secure techniques can be used by the parties to exchange keys, 
whether or not such exchange occurs as part of a transaction related to the preexisting 
relationships 400, 402, 404 or some unrelated exchange."). 

A computer diskette is an external device. 

As per Claim 9: Claim 9 is substantially the method claim of claim 1 as a computer 
readable medium and is rejected under substantially the same reasoning as set forth in 
the rejection of claim 1 . 

As per Claim 12: The rejection of claim 9 is incorporated and further: 

Claim 12 is substantially the method claim of claim 4 as a computer readable 
medium and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 4. 

As per Claim 13: The rejection of claim 12 is incorporated and further: 

Claim 13 is substantially the method claim of claim 5 as a computer readable 
medium and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 5. 
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As per Claim 16: Claim 16 is substantially the method claim of claim 1 as an apparatus 
and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 1. 

As per Claim 18: The rejection of claim 16 is incorporated and further in accordance 
with Cantu et al.'s method the other node may be a server. 

As per Claim 20: The rejection of claim 16 is incorporated and further: 

Claim 20 is substantially the method claim of claim 4 as a computer readable 
medium and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 4. 

As per Claim 21: The rejection of claim 20 is incorporated and further: 

Claim 21 is substantially the method claim of claim 5 as a computer readable 
medium and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 5. 

As per Claim 23: Claim 23 is substantially the method claim of claim 1 as a protocol 
and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 1. 

As per Claim 27: The rejection of claim 23 is incorporated and further: 
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Claim 27 is substantially the method claim of claim 4 as a protocol and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 4. 

As per Claim 28: The rejection of claim 27 is incorporated and further: 

Claim 28 is substantially the method claim of claim 5 as a protocol and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 5. 

As per Claim 30: Claim 30 is substantially the method claim of claim 1 as an apparatus 
with means for and is rejected under substantially the same reasoning as set forth in the 
rejection of claim 1 . An apparatus conducting these processes inherently has a means 
for doing so. 

As per Claim 32: The rejection of claim 30 is incorporated and further: 

Claim 32 is substantially the method claim of claim 4 as an apparatus with means 
for and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 4. An apparatus conducting these processes inherently has a means for doing so. 

As per Claim 33: The rejection of claim 32 is incorporated and further: 

Claim 33 is substantially the method claim of claim 5 as an apparatus with means 
for and is rejected under substantially the same reasoning as set forth in the rejection of 
claim 5. An apparatus conducting these processes inherently has a means for doing so. 
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10. Claims 8, 15, 22, 29 & 34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over ( ROSI ) in view of (Cantu et al.). In further view of Official Notice. 

As per Claim 8: The rejection of either claim 7 is incorporated and further Cantu et al. 
does not explicitly teach: 

- the external device is any one of a personal digital assistant (PDA), flash 
memory, memory stick, barcode, smart card, USB-compatible device, Bluetooth- 
compatible device, and infrared-compatible device. 

However the Examiner is giving Official Notice that these are all functional equivalents 
of computer diskettes that were well know in the art at the time of invention was made. 
It would have been obvious to one of ordinary skill in the art at the time of invention was 
made to incorporate compatibility with these various mediums into Cantu et al.'s method 
in order to have a variedly of redundant/faster/convenient mediums available to the 
working system. 

As per Claim 15: The rejection of either claim 9 is incorporated and further: 

Claim 15 is substantially a restatement of the limitation of claim 8 and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 8. 

As per Claim 22: The rejection of either claim 16 is incorporated and further: 

Claim 22 is substantially a restatement of the limitation of claim 8 and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 8. 
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As per Claim 29: The rejection of either claim 23 is incorporated and further: 

Claim 34 is substantially a restatement of the limitation of claim 8 and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 8. 

As per Claim 34: The rejection of either claim 30 is incorporated and further: 

Claim 34 is substantially a restatement of the limitation of claim 8 and is rejected 
under substantially the same reasoning as set forth in the rejection of claim 8. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BENJAMIN A. KAPLAN whose telephone number is 
(571)-270-3170. The examiner can normally be reached on 7:30 a.m. - 5:00 p.m. 
E.S.T.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Benjamin A Kaplan/ 
Examiner, Art Unit 2434 

/Kambiz Zand/ 
Supervisory Patent Examiner, Art Unit 2434 



